DLA-3808-1: intel-microcode Security Advisory Updates

Intel has recently dispatched a series of crucial microcode updates for various Intel processors, encapsulated under the security advisory DLA-3808-1. In this update, Intel addresses several vulnerabilities that potentially compromise the security of machines using affected Intel hardware.

The most notable vulnerabilities impacted by these updates include:

  • CVE-2023-22655: A failure in the protection mechanism in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when utilizing Intel(R) SGX or Intel(R) TDX could allow a privileged user to potentially escalate privileges via local access.
  • CVE-2023-28746: Potential information disclosure through exposure from microarchitectural transient execution in some Intel(R) Atom(R) processors, accessible by an authenticated user locally.
  • CVE-2023-38575: A vulnerability involving non-transparent sharing of return predictor targets between contexts in certain Intel(R) processors which could lead to information disclosure by an authorized user locally.
  • CVE-2023-39368: A flaw in the bus lock regulator’s protection mechanism in some Intel(R) processors can allow an unauthenticated user to potentially launch a denial of service attack via network access.
  • CVE-2023-43490: Incorrect microcode keying mechanism calculation in some Intel(R) Xeon(R) D Processors with Intel(R) SGX allows a privileged user to potentially disclose information locally.

This update underscores the importance of keeping your computer's firmware up to date to protect against such vulnerabilities. Hardware security is as critical as software security and neglecting updates can lead to the exploitation of protected information or even system disruptions.

Intel advises all users of affected processors to apply these updates immediately to mitigate potential threats. For more details and to download the necessary updates, please visit our website.

Get the Latest Security Updates